Need for Next Gen Identity Governance and Administration Solution

This is the first installment in a series of posts that we at Saviynt will be bringing to you on the current state of Identity Governance and Administration (IGA) and the path towards a better future.

Identity Governance is so fundamental to security that you see most organizations attempting to address this with one or more solutions. Despite significant investment of time and money for several years, we see organizations continue to struggle with their IGA implementation. The maturity is usually so low that only a handful of applications are integrated, while the portfolio has hundreds of applications. Poor user experience further limits adoption and results in rubber stamping and excessive access, opening the door for potential data breach.

First generation IGA solutions were primarily built to automate provisioning and meet some basic compliance requirements. However, they have not accounted for new business needs or different types of internal or external users. Most IGA solutions only understand coarse-grained access and cannot be easily extended to secure data, infrastructure or fine-grained application access.

On the other hand, IT is undergoing a huge transformation with adoption of Cloud, Mobile and IOT technologies. While these new models and technologies are improving how businesses are run, they are introducing new set of security challenges. This is even more pronounced in the wake of several targeted attacks to steal sensitive information, with some using compromised administrative accounts. Digital Identities have been and will continue to be the weakest link in security chain.

Saviynt Vision

Our vision is to deliver the next generation solution that brings together IGA, Cloud Security and Application GRC in a unified and integrated platform. A platform that is intelligent, risk based, driven by analytics to manage security and business processes more effectively and efficiently.

For example, we address the challenges around cloud security holistically, by not just focusing on SaaS applications, but also including IaaS and PaaS providers. So, you have once place to manage and monitor different types of cloud services.

Using analytics, we bring significant innovations to IGA processes including access certification – where we are moving organizations towards continuous micro certification that focuses attention towards risky access calculated dynamically by our usage and peer analytics. We also enable certifiers by providing all tools necessary to make informed decisions with the intent to reduce rubberstamping.

To improve user experience and increase adoption, we offer Amazon and Netflix style access recommendations on what should they be requesting. We enable approvers and certifiers with risk-based decision tools on which access should they be approving. We have extended the recommendations to automatically identify orphan and service account owners so that you can clean up existing access.

We also extend IGA to include GRC functionality such as segregation of duty management, continuous controls and apply them across critical assets such as SAP, SAP HANA, Workday, Oracle EBS, Office 365, AWS and Azure.

No matter where your critical assets reside, we enable organizations to effectively manage who has access to what, why do they need that access and what are they doing with that access.

In the upcoming blogs, we drill deeper into each of the solution areas and focus our attention on platforms (e.g. AWS, S/4HANA, Epic etc.) where we have built in-depth integration and solve some of the pressing security challenges.

Yash Prakash

About author

Yash Prakash, Chief Operating Officer at Saviynt, is responsible for product management, product marketing along with supporting other strategic initiatives across the company. Yash has over 13 years of experience in consulting, business development, portfolio management and executing complex security projects for leading enterprises across the globe.

Leave a Reply

Your email address will not be published. Required fields are marked *